[TYPO3] Address-hunters, this is interesting for you: feevcal.. (and all the others: better fix this..)
zabined
deeken at oligoform.de
Thu Jul 13 15:44:29 CEST 2006
Hi Dimitry,
no panic (or did you install feevcal in an "open" section without
changing the template but don't want to tell the users' data... hm, then
better fix this..)
Next time I will contact security (thanks for the address), but this is
the first time in my life I (maybe) found a security-injection.
In other extensions (forum and frontend-user-registration, I guess) a
list of frontendusers is a feature..
I decided to post here because I thought it to be a rather undocumented
feature, that would be good to be aware of for people who use the extension.
feevcal is a very open tool, all people who can see it can put in their
events on the page, and for that reason I'm quite sure that most
Typo3-Admins put it into a frontend-users area of the website where
information about the other community-people is not tragic, or even wanted.
Another thing: there are hundreds of warnings on the web to be careful
with unreviewed code.. (when I installed feevcal I was aware..)
Sabine